Step 1 - Update the IAM policy

  • Find the MilkStraw AI access role

In the AWS Management Console, go to IAM (Identity and Access Management), then look for the role you created for us.

  • Edit the existing policy

Find the policy in the role under “permissions” and click on Edit Policy.

  • Replace policy permissions

In the Policy Editor, switch to the JSON tab. Copy and paste the following JSON to add the required permissions: 
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "application-autoscaling:Describe*",
        "autoscaling:Describe*",
        "ce:Describe*",
        "ce:Get*",
        "ce:List*",
        "cloudwatch:GetMetricData",
        "ec2:Describe*",
        "ec2:AcceptReservedInstancesExchangeQuote",
        "ec2:CancelReservedInstancesListing",
        "ec2:CreateReservedInstancesListing",
        "ec2:DeleteQueuedReservedInstances",
        "ec2:ModifyReservedInstances",
        "ec2:PurchaseHostReservation",
        "ec2:PurchaseReservedInstancesOffering",
        "rds:Describe*",
        "rds:List*",
        "rds:PurchaseReservedDbInstancesOffering",
        "elasticache:List*",
        "elasticache:Describe*",
        "elasticache:PurchaseReservedCacheNodesOffering",
        "es:Describe*",
        "es:List*",
        "es:PurchaseReservedInstanceOffering",
        "organizations:InviteAccountToOrganization",
        "organizations:List*",
        "organizations:Describe*",
        "pricing:DescribeServices",
        "pricing:GetAttributeValues",
        "pricing:GetProducts",
        "savingsplans:Describe*",
        "savingsplans:List*",
        "servicequotas:*",
        "support:*",
        "budgets:*"
      ],
      "Resource": "*"
    }
  ]
}

  • Save and apply

Click Review Policy, then Save Changes to apply the updated permissions.

Step 2 - Verify changes

Refresh webapp.

Additional resources

AWS IAM Policies Documentation: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html